Vulnerability Scanning Service Description

Service Category - Vulnerability Management Services

Availability - Now

The Whole of Queensland Government (WoQG) Vulnerability Scanning Service provides Queensland Government (QG) agencies with the understanding and preparedness to detect, prevent and respond to the increased risk of cyber-attacks on services which reside on either internal or external internet-facing ICT systems.

Agencies can utilise a vendor-provided vulnerability scanning console service called InsightVM by Rapid7, delivered by RioT Solutions, to identify, categorise and report on vulnerabilities throughout the organisation's machine or server fleet. The Vulnerability Scanning service enables QG organisations to obtain targeted intelligence which can guide activities such as installation of patches to correct security and functionality problems in software and firmware.

The WoQG Vulnerability Scanning Service is comprised of the following two key components:

  • Vulnerability Scanning
    This service utilises the Rapid7 Insight Platform and Splunk Dashboard to collect, analyse and visualise data streams of cyber security vulnerabilities present within an organisation’s IT systems and technology infrastructures. The dashboard enables large data streams to be transformed into useful information which can be used to inform internal engagement and decision-making to achieve powerful business and operational outcomes.
  • Vulnerability Health Check
    This is a consultation service provided by RioT Solutions which takes place annually and is included as part of the WoQG Vulnerability Scanning service offering. Based on an agency's core business functions and priorities, the Vulnerability Health Check service involves analysing historical vulnerability data collected in the Splunk Dashboard and iteratively fine-tuning future vulnerability scanning parameters in order to improve an organisation's cyber threat mitigation initiative. A Vulnerability Health Check Report is provided to the agency as part of this consultation.
    • Clients who have been consuming the WoQG Vulnerability Scanning service for more than 12 months are encouraged to complete the online application form to book a Vulnerability Health Check.
  • Application Scanning (optional add-on)
    As an optional add-on service, agencies have a choice to purchase licenses to access the InsightAppSec application vulnerability scanning console, by Rapid7.

Business Benefits
  • Enables informed engagement and decision-making based on real-time cyber threat vulnerability information in order to improve business and operational outcomes.
  • Flexible and scalable solution available either as a:
    • Dedicated infrastructure model for larger agencies with diverse technology infrastructures who prefer to host and manage their Vulnerability Scanning functions in-house, or
    • Shared-infrastructure model which ideally suits the cyber security needs of smaller agencies with limited ICT resources. The shared approach allows for system support functions to be managed externally while still providing useful vulnerability threat intelligence to agencies in the form of vulnerability reports.
Technical Characteristics
  • Gain visibility and governance across internet facing systems, applications, and firmware.
  • Receive targeted intelligence on vulnerable software and server fleets with recommendations for correct patches.
  • Uplift scanning and patching strategy to improve WoQG threat landscape.

The implementation of the Rapid7 InsightVM vulnerability scanning console, along with the WoQG Splunk Dashboard and Vulnerability Health Check service, will provide coverage of non-managed and unauthorised devices on agency networks. It aims to identify common misconfigurations and detect weaknesses such as SQL Injection vulnerabilities, expiring certificates, default passwords and common OWASP application issues.

Eligibility and Funding

| Service Name | Qld Government Agencies | Statutory Bodies | Local Government | Government Owned Corporation |
|---|---|---|---|---|
| Vulnerability Scanning | Eligible / No Cost | Eligible / No Cost | Eligible / No Cost | Eligible / At Cost |
| Vulnerability Health Check | Eligible / No Cost | Eligible / On Application | Eligible / On Application | Eligible / At Cost |

Related Services
WoQG Cyber Range

The WoQG Cyber Range platform provides QG ICT professionals a safe environment in which to practise and gain hands-on cybersecurity skills. The Cyber Range provides a secure, legal environment for cybersecurity education, practice, and cyber warfare training. Threat isolation is ensured by providing ICT professionals the ability to recognise and respond to real-world challenges in a controlled environment. This approach guarantees that agency infrastructure and data are never at risk as a result of cybersecurity training.

Vulnerability Management CoP

The Vulnerability Management Community of Practice (CoP) consists of an organised group of ICT professionals from Queensland Government agencies who meet on a regular basis to collaborate and share information, improve their cyber security skills, and actively work on advancing their general knowledge of Vulnerability Management.

Service Provisioning

Please complete the Vulnerability Scanning application form to commence onboarding this service or contact your Cyber Security Unit representative at CyberSecurityUnit@qld.gov.au to discuss how we can assist you.

Partnership Arrangement

The Cyber Security Unit Partnership Arrangement details the collaborative approach between the CSU and the Client to promote the uptake of Cyber Security Services with the aim of increasing the protection of the Queensland Government information systems from cyber security threats.


Last Reviewed: 28 July 2022